Auto-Update: 2024-01-08T21:00:24.445554+00:00

fkie-cad · Jan 8, 2024 · 9205029 · 9205029
1 parent 8dba4af
commit 9205029
Show file tree

Hide file tree

Showing 88 changed files with 3,841 additions and 266 deletions.
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25095.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25095.json
@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2018-25095",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-01-08T19:15:08.377",
+  "lastModified": "2024-01-08T19:30:10.403",
+  "vulnStatus": "Awaiting Analysis",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/16cc47aa-cb31-4114-b014-7ac5fbc1d3ee",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2021/CVE-2021-36xx/CVE-2021-3600.json b/CVE-2021/CVE-2021-36xx/CVE-2021-3600.json
@@ -0,0 +1,51 @@
+{
+  "id": "CVE-2021-3600",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-01-08T19:15:08.470",
+  "lastModified": "2024-01-08T19:30:10.403",
+  "vulnStatus": "Awaiting Analysis",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.1,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://ubuntu.com/security/notices/USN-5003-1",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2021/CVE-2021-469xx/CVE-2021-46901.json b/CVE-2021/CVE-2021-469xx/CVE-2021-46901.json
@@ -2,23 +2,87 @@
   "id": "CVE-2021-46901",
   "sourceIdentifier": "[email protected]",
   "published": "2023-12-31T07:15:07.443",
-  "lastModified": "2024-01-01T02:12:45.130",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2024-01-08T19:09:08.890",
+  "vulnStatus": "Analyzed",
   "descriptions": [
     {
       "lang": "en",
       "value": "examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network."
+    },
+    {
+      "lang": "es",
+      "value": "example/6lbr/apps/6lbr-webserver/httpd.c en CETIC-6LBR (tambi\u00e9n conocido como 6lbr) 1.5.0 tiene un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria strcat a trav\u00e9s de una solicitud de una URL larga a trav\u00e9s de una red 6LoWPAN."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:cetic:cetic-6lbr:1.5.0:*:*:*:*:*:*:*",
+              "matchCriteriaId": "E465E0D8-8E05-4C5D-B4FD-CE7B5AFC5E46"
+            }
+          ]
+        }
+      ]
     }
   ],
-  "metrics": {},
   "references": [
     {
       "url": "https://github.com/cetic/6lbr/blob/c3092a1ccc6b6b0e668f33f6f4b2d6967975d664/examples/6lbr/apps/6lbr-webserver/httpd.c#L119",
-      "source": "[email protected]"
+      "source": "[email protected]",
+      "tags": [
+        "Patch"
+      ]
     },
     {
       "url": "https://github.com/cetic/6lbr/issues/414",
-      "source": "[email protected]"
+      "source": "[email protected]",
+      "tags": [
+        "Exploit",
+        "Issue Tracking",
+        "Vendor Advisory"
+      ]
     }
   ]
 }
diff --git a/CVE-2022/CVE-2022-25xx/CVE-2022-2585.json b/CVE-2022/CVE-2022-25xx/CVE-2022-2585.json
@@ -2,8 +2,8 @@
   "id": "CVE-2022-2585",
   "sourceIdentifier": "[email protected]",
   "published": "2024-01-08T18:15:44.383",
-  "lastModified": "2024-01-08T18:15:44.383",
-  "vulnStatus": "Received",
+  "lastModified": "2024-01-08T19:05:05.707",
+  "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",

diff --git a/CVE-2022/CVE-2022-25xx/CVE-2022-2586.json b/CVE-2022/CVE-2022-25xx/CVE-2022-2586.json
@@ -2,8 +2,8 @@
   "id": "CVE-2022-2586",
   "sourceIdentifier": "[email protected]",
   "published": "2024-01-08T18:15:44.620",
-  "lastModified": "2024-01-08T18:15:44.620",
-  "vulnStatus": "Received",
+  "lastModified": "2024-01-08T19:05:05.707",
+  "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",

diff --git a/CVE-2022/CVE-2022-25xx/CVE-2022-2588.json b/CVE-2022/CVE-2022-25xx/CVE-2022-2588.json
@@ -2,8 +2,8 @@
   "id": "CVE-2022-2588",
   "sourceIdentifier": "[email protected]",
   "published": "2024-01-08T18:15:44.840",
-  "lastModified": "2024-01-08T18:15:44.840",
-  "vulnStatus": "Received",
+  "lastModified": "2024-01-08T19:05:05.707",
+  "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",

diff --git a/CVE-2022/CVE-2022-26xx/CVE-2022-2602.json b/CVE-2022/CVE-2022-26xx/CVE-2022-2602.json
@@ -2,8 +2,8 @@
   "id": "CVE-2022-2602",
   "sourceIdentifier": "[email protected]",
   "published": "2024-01-08T18:15:45.037",
-  "lastModified": "2024-01-08T18:15:45.037",
-  "vulnStatus": "Received",
+  "lastModified": "2024-01-08T19:05:05.707",
+  "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",

diff --git a/CVE-2022/CVE-2022-33xx/CVE-2022-3328.json b/CVE-2022/CVE-2022-33xx/CVE-2022-3328.json
@@ -2,8 +2,8 @@
   "id": "CVE-2022-3328",
   "sourceIdentifier": "[email protected]",
   "published": "2024-01-08T18:15:45.233",
-  "lastModified": "2024-01-08T18:15:45.233",
-  "vulnStatus": "Received",
+  "lastModified": "2024-01-08T19:05:05.707",
+  "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",

diff --git a/CVE-2023/CVE-2023-10xx/CVE-2023-1032.json b/CVE-2023/CVE-2023-10xx/CVE-2023-1032.json
@@ -0,0 +1,71 @@
+{
+  "id": "CVE-2023-1032",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-01-08T19:15:08.663",
+  "lastModified": "2024-01-08T19:30:10.403",
+  "vulnStatus": "Awaiting Analysis",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "HIGH",
+          "baseScore": 4.7,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.5,
+        "impactScore": 4.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-415"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://ubuntu.com/security/notices/USN-5977-1",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://ubuntu.com/security/notices/USN-6024-1",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://ubuntu.com/security/notices/USN-6033-1",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://www.openwall.com/lists/oss-security/2023/03/13/2",
+      "source": "[email protected]"
+    }
+  ]
+}